ABSTRACT : This paper describes the basic threats to the network security and the basic issues of interest for designing a secure network. it describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers

INTRODUCTION

Over the past few years, Internet-enabled business, or e-business, has drastically improved efficiency and revenue growth. E-business applications such as e-commerce, supply-chain management, and remote access allow companies to streamline processes, lower operating costs, and increase customer satisfaction. Such applications require mission-critical networks that accommodate voice, video, and data traffic, and these networks must be scalable to support increasing numbers of users and the need for greater capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.

Why Networks Must Be Secured?

Attacks: -

Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, and root access attacks. DoS attacks are particularly malicious because although they do not provide intruders with access to specific data, they "tie up" IS resources, preventing legitimate users from accessing applications. They are usually achieved by hackers sending large amounts of jumbled or otherwise unmanageable data to machines that areconnected to corporate networks or the Internet. Even more malicious are Distributed Denial of Service (DDoS) attacks in which an attacker compromises multiple machines or hosts. According to the 2001 Computer Security Institute (CSI) and FBI "Computer Crime and Security Survey," 38 percent of respondents detected DoS attacks, compared with 11 percent in 2000.

Historically, password attacks, attacks in which a perpetrator gains unauthorized access to network passwords in order penetrate confidential information, have been the most common type of attacks. When a hacker "cracks" the password of a legitimate user, he has access to that user's network resources and typically a very strong platform for getting access to the rest of the network. For example, in December of 2000, a hacker stole user passwords from the University of Washington Medical Center in Seattle and gained access to files containing confidential information regarding approximately 5000 patients. Hackers can often easily obtain passwords because users typically choose common words or numbers as their passwords, enabling the hacker's use of software programs to methodically determine those passwords. Hackers also deploy social engineering techniques to gain access to passwords. Social engineering is the increasingly prevalent act of obtaining confidential network security information through non technical means, such as posing as a technical support representative and making direct phone calls to employees to gather password information.

From the early days of the Internet, when only e-mail servers were on the network, a hacker's ultimate goal was to gain root access to the UNIX host that ran these applications. With root access, the hacker had full control of the system and could often collect enough information to gain access to the rest of the network and other partner networks. E-business...

YOU MAY ALSO FIND THESE DOCUMENTS HELPFUL

...﻿
Week 5 Security Solutions
T. Lee
NTC/411
November 2013
Week 5 Security Solutions
In today’s computing world, threats come in many different forms. Business and organizations are bombarded with electronic threats every second. Denial of service (DOS), network disruptions, and stealing of confidential information not only hurt businesses, but also hurt customers. With identity theft so prevalent, a business owes its customers the highest level of security possible. Many mechanisms are available protect critical infrastructure and information.
E-commerce networks are prone to external attacks. They present large targets with valuable internal data, such as customer information, credit card numbers and bank accounts, supply chain information, pricing, and so on. They must allow legitimate, worldwide users to connect and interact with the network. Speed is a priority to end users, where long transaction times or slow site navigation will motivate them to move to a different vendor. Security is another priority. Customers must be assured that their privacy and confidential information will remain intact and guarded.
Hardware can be used to protect the network from outside threats. Intrusion detection systems (IDS) automate detection of threats and attack through traffic analysis. Cisco’s IDS “delivers a comprehensive, pervasive...

...Networksecurity concepts
Networksecurity starts with authenticating, commonly with a username and a password. Since this requires just one detail authenticating the user name —i.e. the password— this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).
Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.[2] Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS)[3] help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network like wireshark traffic and may be logged for audit purposes and for later high-level analysis.
Communication between two hosts using a network may be encrypted to maintain privacy.
Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are...

...MARKET ANALYSIS Worldwide NetworkSecurity 2012–2016 Forecast and 2011 Vendor Shares
John Grady
IDC OPINION
The worldwide networksecurity market grew by 6.1% in 2011. The total market, which includes firewall, unified threat management (UTM), intrusion detection and prevention (IDP), and virtual private network (VPN) solutions, reached $7.4 billion in 2011. UTM revenue saw the strongest growth at 17.4% and reached $2.2 billion. The IDP market saw more moderate growth at 4.5%, reaching $1.9 billion. The firewall segment remained the largest component of the market at $2.4 billion but grew only a modest 2.9% over 2010. Revenue from standalone VPN solutions fell 5.3% to $0.9 billion. IDC expects the firewall and VPN segments to remain fairly flat over the forecast period. UTM and IDP solutions will drive the overall market to $10.1 billion in 2016, representing a compound annual growth rate (CAGR) of 6.4%. Other highlights include:  Application awareness and control will continue to be a key feature demanded by organizations to address the ever-blurring line between personal and corporate use of the Web and better enable business processes and productivity.  Further, the "bring your own device" (BYOD) trend will necessarily continue to drive more granularity and context into policy management.  Integrating more advanced malware detection will be one of the key drivers in the UTM/next-generation...

...Security Domain and Strategies
The Richman Company is a successful and prosperous firm with branches in eight locations throughout the country and Canada. To support its growth, the company uses both an intranet and an extranet network. These networks are essential to the successful operation of the company because they provide the means of communicating with all employees, who use the intranet to enroll in company benefit programs. Thesenetworks also allow all of the company’s business partners, vendors and privileged customers to gain information about the company. In recent years, the company has been expanding rapidly. As one of the company’s interns, I have been asked to analyze the company’s vulnerabilities and make a plan to protect company assets and to utilize available technology most effectively. Before making the final proposal, I examined Richman’s use of the intranet and the extranet networks and found problems that require immediate attention.
One problem that results in a grievous vulnerability regards the use of the intranet which Richman hosts for employees. I found that many of the computers were using Internet Explorer with the default setting “Websites in less privileged web control zone can navigate into this zone” enabled. According to Cesar Cerrudo, founder and CEO of Argeniss, a Internet website is able to reference an Intranet website by including a HTML FRAME or...

...﻿
Security Proposal – ZXY Corporation
__________________
Colorado State University – Global Campus
Executive Summary
ZXY Corporation has recently relocated to a new facility. A Local Area Network (LAN) was installed for the purpose of sharing resources, but there are currently no security measures in place to safeguard sensitive data. This is an unacceptable state of affairs, because it leaves the organization's data vulnerable to theft, corruption, destruction or other forms of tampering. In addition, all information systems on the network are currently extremely vulnerable to intrusion and malware. Furthermore, it is not advisable for even the employees within the organization to have completely unrestricted access to all of the organization's data. A comprehensive security architecture must be established in order for ZXY Corp. to continue to grow and flourish on a solid foundation. This proposal will outline a multifaceted approach to security architecture which will mitigate against both internal threats, such as data theft or leakage by employees, and external threats such as network intrusions and malware. The specific areas which this proposal will cover in detail are: access control measures, password policy, encryption methods, remote access solutions, and perimeter defense measures such as firewalls and intrusion prevention and detection...

...__________.
a. over a single IP network
4. Each of the following is a convergence security vulnerability except __________.
a. convergence resource attacks (CRA)
5. Which of the following is not true regarding a demilitarized zone (DMZ)?
a. It contains servers that are only used by internal network users.
6. Network address translation (NAT) __________.
c. removes private addresses when the packet leaves thenetwork
7. Each of the following is a variation available in network access control (NAC) implementations except __________.
c. network or local
8. Another name for a packet filter is a __________.
b. firewall
9. The __________ establishes the action that a firewall takes on a packet.
b. rule base
10. A(n) __________ intercepts internal user requests and then processes that request on behalfof the user.
a. proxy server
11. A reverse proxy __________.
b. routes incoming requests to the correct server
12. A honeypot is used for each of the following except __________.
b. filter packets before they reach the network
13. A __________ watches for attacks but only takes limited action when one occurs.
a. network intrusion detection system(NIDS)
14. A multipurpose security appliance integrated into a router is known as a(n) __________.
b. integrated...

...Solutions:
Security Assessments
And
Recommendations
Ruth Garcia
Session: March 2012
Security in Computing
Professor: Randy Strauber
BACKGROUND
Aircraft Solutions (AS) located in beautiful southern California has become a recognized leader in the electronics, commercial, defense and aerospace industries. This is due their design and fabrication of component products and services available to their customers in the various industries. What set Aircraft Solutions apart from other design and fabrication companies are their dedicated, trained workforce and the maintenance of a large capacity plant and extensive equipment that enables the company to meet customer requirements. The company is made up of a large highly skilled work force that works its highly automated production systems from design engineers, programmers, machinists and assembly personnel. Aircraft Solutions goals are to provide excellent customer service and success through its machined products and services. This is achieved while at the same time keeping their cost, quality and scheduled deliveries in check.
The main headquarters for Aircraft Solutions is currently in San Diego, California, while their Commercial Division is located 40 miles east of headquarters and the Defense Division is located in Santa Ana, California.
Security Weakness
In reviewing the current business process, geographic layout, current IT architecture...

...Elements of NetworkSecurity
Louis Kibby
Network / Datacom I TCM 537
Mr. Stuart Sandler
November 28, 2005
Elements of NetworkSecurity
Introduction
The primary objective of a networksecurity system is to, in a cost effective manner, balance convenient access to legitimate users and inaccessibility to attackers. In a nutshell, the goal is to prevent connectivity to anyone intending to cause harm to the network. The harm to which this paper refers can come in the following forms:
1. Application-level security threats, such as e-mail viruses and attachments.
2. Threats to network infrastructure devices.
3. Theft of network connectivity services.
4. Unauthorized access from internal and external sources.
5. Denial of service attacks.
Using a proper networksecurity strategy reduces and, in some cases, even avoids the listed harmful attacks from occurring on a network (Gary, T., et al, Mar. 2002). This paper will discuss such a strategy used by the Los Angeles Department of Water and Power (LADWP), as well as the strategy's three primary elements: prevention, detection, and recovery.
Prevention
Surprisingly, the most common threat to a company's information assets does not come from the sly and cunning computer hacker that is glamorized by Hollywood...